The administrator account for the local domain would by default be allowed to logon to the DC locally. All other accounts likely would not be allowed to logon locally to the DC.
Workstation logons should occur with user accounts. Remote domains are a level of complexity that don't belong in the initial troubleshooting IMHO. Get the local domain resources working first and then worry about the other domain identities. Questions: When you say administrator and are talking about local workstations, are you talking about local administrator or domain administrator? Domain users cannot logon? What error in the event log during logon events? Is your domain controller showing any errors in the logs? How about name resolution? Is that correctly working? What happens when you create a new account and try to use that for workstation logon? -Al -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Parris Sent: Wednesday, May 18, 2005 2:37 PM To: [email protected] Subject: Re: [ActiveDir] Unable to log you on because if an account restriction I get it when logging on directly to the DC; member server and workstation Additionally I get the same message if I try to logon to the DC using the administrator account from another domain. Mark -----Original Message----- From: "Al Mulnick" <[EMAIL PROTECTED]> Date: Wed, 18 May 2005 13:06:15 To:<[email protected]> Subject: RE: [ActiveDir] Unable to log you on because if an account restriction Are you trying to logon to the domain controller directly? Do you get the same result when logging on with a workstation that's a member of the newly restored domain properly? Al -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Parris Sent: Wednesday, May 18, 2005 12:31 PM To: [email protected] Subject: Re: [ActiveDir] Unable to log you on because if an account restriction I have already done that, And no joy. Regards Mark -----Original Message----- From: "Rick Kingslan" <[EMAIL PROTECTED]> Date: Wed, 18 May 2005 09:36:02 To:<[email protected]> Subject: RE: [ActiveDir] Unable to log you on because if an account restriction Mark, This may be a bit bizarre, but are you certain that when you restored the DCs that the passwords of the accounts went with them? I'm not certain why this might have occurred, but remember that there is an account restriction that would apply that REQUIRES a password for all principals. And, at the moment I'm not sure that it applies to the Administrator account but I would think that it does. You are using the administrator acount and a password, yes? So, what I'd suggest is to go in as the Admin, and reset the password of a another user and have that user try and log in. Let us know how that works. -rtk -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Parris Sent: Wednesday, May 18, 2005 6:15 AM To: [email protected] Subject: [ActiveDir] Unable to log you on because if an account restriction Dear all, I have just performed a disaster recovery of our Windows Server 2003 forest and I am now receiving the message "Unable to log you on because if an account restriction" when I try to logon with any account apart from the administrator account. I have a two domain forest X.com and child.x.com When the DC's were first restored and were not communicating with Each other I could logon using any account, now that the DC's are talking and replicating I cannot, now only the administrator account works. I have ensured the GPO's are set correctly, I can see nothing obvious in the event logs so now it's time to ask my peers if they have experienced any such issues. I have restored many forests in DR situations and never experienced this issue beforer. Thanks in advance. Mark List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
